ABSTRACT



Controlling access to a file includes selecting, by a first 
network node in a peer to peer file sharing system, a file to 
make available for sharing with a second network node in 
the peer to peer file sharing system, the file being stored on
the first network node. The first network node sends index
information associated with the selected file to the second 
network node. The second network node subsequently per- 
forms a local search of a set of index information associated 
with a set of files stored in the peer to peer file sharing 
system to locate the index information for the selected file; 
and requests a copy of the selected file from the first network 
node using the index information. 
PARTIALLY REPLICATED, LOCALLY SEARCHED
PEER TO PEER FILE SHARING SYSTEM 

BACKGROUND 

[0001] 1. FIELD 

[0002] The present invention relates generally to distrib- 
uted file systems and protocols and, more specifically, to file 
security in peer to peer media sharing systems. 

[0003] 2. DESCRIPTION 

[0004] There are at least several peer to peer media 
sharing systems in current use on computer networks such as 
the Internet. Napster™ is a popular system wherein a central 
server performs all searches for requested files and returns 
the names of files and their network addresses on each 
system in the network that match the request. In Gnutella™, 
another popular peer to peer system, users make search 
requests that are propagated throughout a network and 
perform searches on each machine in the network. In 
FreeNet™, there is no search ability. To retrieve a file using 
FreeNet, the user must already know the file's true name, 
which may be extremely difficult to guess. 

[0005] Both Gnutella and Napster store index information 
to support searches outside the requester's machine (e.g., on 
other machines in the network), causing scarce network 
bandwidth to be consumed every time any user in the 
network performs a search for a desired file. Neither Gnu- 
tella nor Napster provide any hiding of files in the network. 
In either system, making a file available to one user of the 
network makes it available to all users of the network. This 
may be undesirable for personally created files, because the
owner may wish to make only certain files available to 
certain people, but not to the world at large. Napster or 
Gnutella could be modified to associate file access permis- 
sions with index information, but this produces other prob- 
lems. In Gnutella, because index information is replicated as 
files are shared among network nodes, the system would 
then have to solve the problem of maintaining consistent 
permissions in replicated indices. In Napster, after adding 
permissions to each file in the main database, the system 
would still require a central server with the associated 
disadvantages of a lack of fault tolerance and difficulty in 
maintaining scalability. 

[0006] For peer to peer file sharing systems supporting the 
sharing of personally created media such as digital photo- 
graphs, videos, and music, the lack of privacy inherent in 
these systems is troubling to some users. Furthermore, the 
search capabilities of such systems are inefficient. 

BRIEF DESCRIPTION OF THE DRAWINGS 

[0007] The features and advantages of the present inven- 
tion will become apparent from the following detailed 
description of the present invention in which: 

[0008] FIG. 1 is a diagram of an example portion of a 
network illustrating controlled file sharing according to an 
embodiment of the present invention; and 

[0009] FIG. 2 is a flow diagram of file sharing processing 
according to an embodiment of the present invention. 

DETAILED DESCRIPTION 

[0010] An embodiment of the present invention is a 
method of controlling sharing and searching of file information
in a distributed file system operating as a private peer
to peer network. In one embodiment, the invention may be 
implemented in a peer to peer media sharing system. In 
typical peer to peer media sharing systems such as Napster 
and Gnutella, the file data being shared among users is 
professionally created and widely distributed data (e.g., 
music files encoded in the Moving Pictures Experts Group 
(MPEG) audio layer 3 (MP3) format, digital video clips 
encoded in various formats, etc.). That is, the data may be 
posted and made available in multiple copies and at multiple 
network nodes within the distributed network. In contrast, in 
embodiments of the present invention, the system may be 
designed to selectively share individually created and nar- 
rowly distributed data. For example, the data being shared 
may be digital photographs or digital videos created by an 
individual for sharing only among his or her immediate 
social connections such as family and friends, but not with 
others. The present invention takes advantage of the single 
point of creation of this type of data (and single point of 
posting the data) to control sharing of the knowledge of the 
existence of files through a private peer to peer network. By 
controlling the sharing of the knowledge of the files on the 
network, privacy may be maintained. 

[0011] In embodiments of the present invention, index 
information about files may be communicated among nodes 
of the network separately from the file data. The index 
information may be selectively propagated through a public 
network such as the Internet only between nodes operated by 
people having social connections (e.g., friends and family), 
and the file data may be selectively propagated more nar- 
rowly in the network, again only between friends and family. 
This in effect creates a private peer to peer network within 
a larger public network (such as the Internet, for example). 

[0012] In the present invention, individually created and 
narrowly distributed media may be shared with selected 
people such that the media is largely undiscoverable by 
others. There are many prior art systems where all index 
information is shared with other parties (such as distributed 
text retrieval systems), and in which the subsets of index 
information are chosen for reasons other than privacy (for 
example, mobile computer synchronization systems). In 
contrast, embodiments of the present invention share 
selected subsets of index information in a distributed file 
system with selected other users in a controlled manner, 
thereby improving the security of shared files of the peer to 
peer network and the privacy interests of the users of the ad 
hoc private peer to peer network. Since in the present 
invention index information is shared only about files that 
one user wishes to make available to another user, users who 
do not receive the index information about a file cannot 
easily discover that file's existence, and thus cannot request 
that file from the first user's system. Embodiments of the 
present invention also perform file searches locally, reducing 
consumption of network bandwidth, yet preserving advan- 
tageous fault tolerance of a configuration not requiring a 
central server. 

[0013] Reference in the specification to "one embodi- 
ment" or "an embodiment" of the present invention means 
that a particular feature, structure or characteristic described 
in connection with the embodiment is included in at least 
one embodiment of the present invention. Thus, the appear- 
ances of the phrase "in one embodiment" appearing in 
various places throughout the specification are not
necessarily all referring to the same embodiment.

[0014] Embodiments of the present invention comprise a 
network of file storage systems, each file storage system 
having index information describing one or more of the files 
on that one system and a (possibly empty) subset of files on 
other systems in the network. Each file may have a globally 
unique identifier associated with the file that may be very 
difficult to guess. The identifier may be part of the index 
information for the file. Each system has the ability to 
communicate with a subset of nodes in the network (for 
example, a user of a file storage system may communicate 
with his or her friends and family via their file storage 
systems). In various embodiments, a file storage system may 
be a personal computer (PC), an engineering workstation, a 
set top box, a personal digital assistant (PDA), a cellular 
phone, a mainframe computer, an Internet appliance, or any 
other device for storing and accessing file data via a com- 
munications network. A file storage system may also be 
referred to herein as a network node. Each network node 
may communicate with one or more other network nodes. 
The network may be a local area network (LAN), a wide 
area network (WAN), the Internet, or any other communi- 
cations network. The files may store any digitally repre- 
sented data, for example, audio data, video data, image data, 
or text data. In one embodiment, the file data comprises 
digital photographs and the file storage systems (nodes) are 
PCs coupled to one another via the Internet, although the 
invention is not limited in scope in this respect. In this 
embodiment, each PC stores the owner's collection of 
personally created digital photographs and videos, and pho- 
tographs and videos that friends or family members have 
shared with the owner. 

[0015] FIG. 1 is a diagram of an example portion of a 
network for controlled file sharing according to an embodi- 
ment of the present invention. This example illustrates 
multiple network nodes interacting with each other in a 
privately organized peer to peer network based on social 
connections. In one embodiment, the private peer to peer 
network may be formed to communicate digital photographs 
amongst network members, with each digital photograph 
being stored in a file, although the data shared may be of any 
type or for any purpose. In this example, John 10 knows Bob 
12 and Mary 14. Of course this example is merely for 
illustrative purposes and does not limit the scope of the 
invention. The circles shown in FIG. 1 represent the file 
storage systems (network nodes) of the people discussed in 
the example, yet there may be many more network nodes in 
the network that are not shown. 

[0016] Assume for the sake of illustration that John has 
some personally created media that he wishes to share with 
selected other people he knows. The files may be stored on 
John's system 10. As part of creating each file storing the 
data (e.g., digital photograph data), John assigns the file a
globally unique and very hard to guess identifier (for 
example, file #13572431234890), using any of several well 
known methods for generating globally unique and/or very 
hard to guess identifiers. Identifiers for the files may be 
chosen to be very hard to guess in order to reduce the ability 
of another network node to request copies of files for which 
the node has not received index information about the files. 
John decides to make part of his media collection, part A 16, 
available for access by his friend Bob 12, and another part,
part B 18, available for access by his friend Mary 14. John
also decides to keep another part, part C 20, private. In other 
words, John does not want to make any files in part C of his 
collection available for access by anyone (at least not to Bob 
or Mary at this point in time).

[0017] In order to selectively make certain files available 
for access by others in the private peer to peer network, 
John's system 10 sends index information 22 describing part 
A of his collection to Bob's system 12, and index informa- 
tion 24 describing part B of his collection to Mary's system 
14. Note that the size of the index information communi- 
cated to the other network nodes is relatively small com- 
pared to the size of the files (photographs, videos, etc.) to be 
shared. The index information may comprise data such as, 
but not limited to, a unique and very hard to guess file 
identifier, a caption or title, an image thumbnail, a creation 
date, a creator name, file size, format type, and other 
identifying information. Of course, FIG. 1 describes merely 
one simplistic example, and with the present invention 
John's system could send index information for any possible 
subset of John's files to any one or more other users in the 
network, in any combination and at any time. The example 
shown in FIG. 1 implies that the files in part A are exclusive 
of the files in part B or part C, but the invention is not limited 
in scope in this respect; the parts of the file collections 
specified in any given set of index information sent to one 
or more network nodes may be overlapping. 

[0018] At some time in the future, Bob may search his 
locally stored index information for some particular file or 
files. For example, suppose Bob is looking for all photo- 
graphs taken on June 12 at Bob's birthday party, which was 
attended by John, Mary, and others. The locally stored index 
information may include index information about Bob's 
own files (which are stored on Bob's system), as well as 
index information about the files of others (which are not 
stored on Bob's system). The index information about the 
files of others may have been received from those friends 
and family members as described immediately above. In this 
example, the local search may return information about 
some of Bob's photographs, and about some of John's 
photographs, from part A 16 of John's collection, the index
information for which was previously shared with Bob. Bob 
decides he wants to see a selected one of John's photographs 
from the party from John's collection that Bob knows about, 
so Bob's system 12 retrieves the globally unique identifier 
for the selected file from the associated index information 
stored locally on Bob's system. Bob's system then sends a 
file request 26 for the selected file from part A of John's 
collection (e.g., for file #42258543274590) to John's sys- 
tem. John's system fields the request and returns the 
requested file to Bob's system. 

[0019] Notice that since Mary does not have index
information about part A of John's collection, she cannot easily
request any of those files (e.g., photographs), and is unaware 
that those files exist. Mary can only request files in part B of 
John's collection, because she only has index information, 
including the file identifiers, for files in part B. Bob cannot 
request any files from part B of John's collection, because he 
is unaware that they exist. Both Bob and Mary are unaware 
of the existence of part C of John's collection, which he has 
not shared with either person. Since the globally unique file 
identifiers are assigned such that they are very hard to guess, 
it may be very unlikely that Bob can guess the file identifier 
of a file in John's collection for which Bob has not been
informed of the associated index information. Thus, the 
present system of selectively sharing index information may 
improve file security and user privacy. Note also that 
searches for index information for selected files are per- 
formed locally rather than being broadcast to all network 
nodes. No global searches for files may be allowed. Instead, 
file requests may be made only for files for which index 
information has been shared. Hence, the sending of index 
information operates to grant access to selected files. Each 
network node searches the index information stored locally 
to determine what files the node has been given access to on 
other nodes. In some embodiments, the propagation of the 
index information through nodes of the network may be 
limited in order to curtail widespread dissemination of the 
files. 

[0020] FIG. 2 is a flow diagram of file sharing processing 
according to an embodiment of the present invention. At 
block 100, a first network node creates one or more files and 
stores the files locally at the first network node. The files 
may contain any data. Each file may be assigned a globally 
unique and very hard to guess identifier. At block 102, one 
or more files to be shared with a selected user (such as a 
friend or relative) may be selected. At block 104, index 
information for each of the files to be shared is created and 
sent to the selected user (i.e., the selected user's network 
node or file storage system). At a minimum, the index
information includes the globally unique and very hard to
guess identifier for the file. The sharing of index information 
may be performed for any number of network nodes, in any 
combination of sets of index information. The sharing of the 
index information may in some embodiments be only with 
people that have social connections (e.g., they are friends, 
family members, etc.). The set of index information that may 
be shared from one network node to another network node 
may be a subset of the index information for all files 
available in the peer to peer file sharing system. Blocks 100, 
102, and 104 may be performed by a first network node that 
creates one or more files to be shared. In other embodiments, 
the index information may be propagated through the net- 
work to other nodes. 

[0021] At block 106, a second network node that has 
received index information from another network node 
(which may or may not be the node that created the index 
information (e.g., the first network node)) performs a search 
over all local index information available to that second 
network node. The index information stored locally at the 
second network node in effect makes the second node aware 
of and grants access to files stored on the first network node 
and possibly other nodes. At block 108, the second network 
node requests one or more matching files from the owners of 
each file based on the file identifiers contained in the locally 
stored index information. Thus, the index information is 
used to obtain a copy of a selected file. 
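The following is an added illustration of the FIG. 1 walkthrough ([0016]-[0019]) and the FIG. 2 flow (blocks 100-108), written for this edit; it is not code from the patent or from any implementation it describes. It models three nodes in memory rather than over a network, generates each identifier from the operating system's cryptographic random source (a 14-digit number such as the "#13572431234890" used as an example in the text would be enumerable, so 128 random bits are used instead), and adds an assumed `hops_remaining` field to each index entry as one way of realising the propagation limit of [0019] and claim 8. All names, captions and dates are constructed sample data.

```python
import secrets
from dataclasses import dataclass


@dataclass(frozen=True)
class IndexEntry:
    """Index information per [0017]: identifier plus metadata, never the file data."""
    file_id: str
    owner: str
    caption: str
    created: str          # ISO date, constructed sample data
    hops_remaining: int   # assumed field: how many more times this entry may be forwarded


class Node:
    def __init__(self, name):
        self.name = name
        self.files = {}    # file_id -> bytes; the owner's own media (block 100)
        self.index = {}    # file_id -> IndexEntry; own entries plus entries received

    def create_file(self, caption, created, data, hops=0):
        # 128-bit identifier from the OS CSPRNG; a short or sequential number
        # would let a peer enumerate files it was never told about.
        file_id = secrets.token_hex(16)
        self.files[file_id] = data
        self.index[file_id] = IndexEntry(file_id, self.name, caption, created, hops)
        return file_id

    def share(self, peer, file_ids):
        """Blocks 102-104: send only the chosen subset of index entries to one peer."""
        for fid in file_ids:
            peer.receive_index(self.index[fid])

    def receive_index(self, entry):
        self.index[entry.file_id] = entry

    def forward(self, peer, file_id):
        """Claim 8: a recipient may pass an entry on only while the owner's hop budget lasts."""
        entry = self.index[file_id]
        if entry.hops_remaining <= 0:
            return False
        peer.receive_index(IndexEntry(entry.file_id, entry.owner, entry.caption,
                                      entry.created, entry.hops_remaining - 1))
        return True

    def local_search(self, created=None, keyword=None):
        """Block 106: search only the locally stored index; no query leaves the node."""
        hits = []
        for e in self.index.values():
            if created and e.created != created:
                continue
            if keyword and keyword.lower() not in e.caption.lower():
                continue
            hits.append(e)
        return hits

    def serve(self, file_id):
        """Owner side of block 108. One uniform answer for every unknown identifier, so a
        requester cannot tell 'exists but not shared with you' from 'does not exist'."""
        return self.files.get(file_id)

    def request_file(self, owner, file_id):
        """Requester side of block 108: the identifier is the only credential presented."""
        return owner.serve(file_id)


def demo():
    john, bob, mary = Node("John"), Node("Bob"), Node("Mary")
    a = john.create_file("Bob's birthday party", "2001-06-12", b"photo-A")
    b = john.create_file("Hiking with Mary", "2001-06-20", b"photo-B")
    c = john.create_file("Private draft", "2001-06-21", b"photo-C")
    john.share(bob, [a])    # part A -> Bob
    john.share(mary, [b])   # part B -> Mary; part C shared with nobody
    # Bob finds John's party photo in his own index and fetches it by identifier.
    hits = bob.local_search(created="2001-06-12")
    got = bob.request_file(john, hits[0].file_id)
    # Mary was never sent part A: her local search is empty and a guessed id is refused.
    mary_hits = mary.local_search(keyword="birthday")
    guessed = mary.request_file(john, "13572431234890")
    # Bob cannot forward his part A entry to Mary because John set no hop budget.
    forwarded = bob.forward(mary, a)
    return got, mary_hits, guessed, forwarded, c in bob.index
```

Two points the demo makes that the prose leaves implicit: the owner's `serve` is the only enforcement point, so it must answer identically for unshared and nonexistent identifiers, and the index entry is a bearer capability, which is why the text's option of encrypting index information in transit matters once the peers talk over a real network.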

[0022] The present invention thus provides better privacy 
than existing peer to peer methods and systems. In Gnutella, 
for example, one cannot control who queries your publicly 
accessible file directories. In contrast, with the present 
invention, access may be granted only to those informed of 
the file identifiers via the sharing of index information. 
Blanket queries of file directories for index information or 
other file information may not be allowed. Instead, only 
requests for the actual file data may be supported. In some
embodiments, either the files or the index information, or
both, may be encrypted using known methods to provide 
additional security prior to sharing either the index infor- 
mation or the file with another network node. 

[0023] The techniques described herein are not limited to 
any particular hardware or software configuration; they may 
find applicability in any computing or processing environ- 
ment. The techniques may be implemented in hardware, 
software, or a combination of the two. The techniques may 
be implemented in programs executing on programmable 
machines such as mobile or stationary computers, personal 
digital assistants, and similar devices that each include a 
processor, a storage medium readable by the processor 
(including volatile and non-volatile memory and/or storage 
elements), at least one input device, and one or more output 
devices. Program code is applied to the data entered using 
the input device to perform the functions described and to 
generate output information. The output information may be 
applied to one or more output devices. 

[0024] Each program may be implemented in a high level 
procedural or object oriented programming language to 
communicate with a processing system. However, programs 
may be implemented in assembly or machine language, if 
desired. In any case, the language may be compiled or 
interpreted. 

[0025] Each such program may be stored on a storage 
medium or device, e.g., compact read only memory (CD- 
ROM), digital versatile disk (DVD), hard disk, magnetic 
disk, or similar medium or device, that is readable by a 
general or special purpose programmable machine for con- 
figuring and operating the machine when the storage 
medium or device is read by the computer to perform the 
procedures described herein. The system may also be con- 
sidered to be implemented as a machine-readable storage 
medium, configured with a program, where the storage 
medium so configured causes a machine to operate in a 
specific manner. Other embodiments are within the scope of 
the following claims. 

[0026] While this invention has been described with ref- 
erence to illustrative embodiments, this description is not 
intended to be construed in a limiting sense. Various modi- 
fications of the illustrative embodiments, as well as other 
embodiments of the invention, which are apparent to per- 
sons skilled in the art to which the inventions pertains are 
deemed to lie within the spirit and scope of the invention. 

What is claimed is: 

1. A method of controlling access to a file comprising: 

selecting, by a first network node in a peer to peer file 
sharing system, the file to make available for sharing 
with a second network node in the peer to peer file 
sharing system, the file being stored on the first network 
node; 

sending index information associated with the selected 
file from the first network node to the second network 
node; 

performing, by the second network node, a local search of 
a set of index information associated with a set of files 
stored in the peer to peer file sharing system to locate 
the index information for the selected file; and 
requesting, by the second network node, a copy of the
selected file from the first network node using the index 
information. 

2. The method of claim 1, wherein the index information 
comprises a globally unique identifier of the selected file. 

3. The method of claim 1, further comprising creating at 
least one file and associated index information by the first 
network node. 

4. The method of claim 1, wherein the index information 
is sent from the first network node to the second network 
node only when a user operating the first network node has 
a social connection to a user operating the second network 
node. 

5. The method of claim 1, wherein the set of index 
information stored on the second network node is a subset of 
the set of index information for all files of the peer to peer 
file sharing system. 

6. The method of claim 1, wherein at least one of the 
selected file and the index information is encrypted by the 
first network node. 

7. The method of claim 1, wherein reception of the index 
information grants access to the file associated with the 
index information. 

8. The method of claim 1, further comprising limiting 
propagation of the index information among network nodes. 

9. An article comprising: a storage medium having a 
plurality of machine readable instructions, wherein when the 
instructions are executed by a processor, the instructions 
provide for controlling access to a file by 

selecting, by a first network node in a peer to peer file 
sharing system, the file to make available for sharing 
with a second network node in the peer to peer file 
sharing system, the file being stored on the first network 
node; 

sending index information associated with the selected 
file from the first network node to the second network 
node; 

performing, by the second network node, a local search of 
a set of index information associated with a set of files 
stored in the peer to peer file sharing system to locate 
the index information for the selected file; and 

requesting, by the second network node, a copy of the 
selected file from the first network node using the index 
information. 

10. The article of claim 9, wherein the index information 
comprises a globally unique identifier of the selected file. 

11. The article of claim 9, further comprising instructions 
for creating at least one file and associated index information 
by the first network node. 

12. The article of claim 9, further comprising instructions 
for sending the index information from the first network 
node to the second network node only when a user operating 
the first network node has a social connection to a user 
operating the second network node. 

13. The article of claim 9, wherein the set of index 
information stored on the second network node is a subset of 
the set of index information for all files of the peer to peer 
file sharing system. 

14. The article of claim 9, further comprising instructions 
for encrypting at least one of the selected file and the index 
information by the first network node. 

15. The article of claim 9, wherein reception of the index 
information grants access to the file associated with the 
index information. 

16. The article of claim 9, further comprising instructions 
for limiting propagation of the index information among 
network nodes. 

17. A peer to peer file sharing system comprising: 

a plurality of network nodes, wherein each network node 
creates files and assigns a globally unique identifier to 
each created file, selects files to be shared with other 
network nodes, sends index information associated 
with each of the selected files to at least one other 
network node, performs local searches of index infor- 
mation obtained from other network nodes and index 
information created by the network node, and requests 
copies of one or more of the selected files from another 
network node using the index information for the one 
or more selected files obtained in the local searches. 

18. The peer to peer file sharing system of claim 17, 
wherein the files store at least one of digital photographs, 
digital videos, digital audio data, image data, or text data. 

19. The peer to peer file sharing system of claim 17, 
wherein the network nodes of the peer to peer system are 
operated by users having a social connection. 
